Posted by Kevin Stange, Last modified by Kevin Stange on 13 July 2016 03:00 PM

Starting with CentOS 6.8, a newly introduced update to NSS causes certain applications to be unable to connect via TLS using GCM ciphers on virtual machines. This article describes the technical problem and how to apply the solution.

Symptoms and Detection

This issue affects virtual machines in very specific cases. It can be reproduced with a very simple connection test:

This will cause other applications to crash with similar error messages when they attempt to connect to a TLS server or serve a TLS client using any GCM cipher. You can verify that the issue is caused by misdetected hardware capabilities, by repeating the same command with NSS_DISABLE_HW_GCM=1 set: